search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
smbXsrv_session:idl: remove the preauth and gensec members
[Samba.git] / source3 / modules / vfs_gpfs.c
blob3260d2fa7eaf34144e63767d241b0d1500142e1d
1 /*
2 * Unix SMB/CIFS implementation.
3 * Samba VFS module for GPFS filesystem
4 * Copyright (C) Christian Ambach <cambach1@de.ibm.com> 2006
5 * Copyright (C) Christof Schmitt 2015
6 * Major code contributions by Chetan Shringarpure <chetan.sh@in.ibm.com>
7 * and Gomati Mohanan <gomati.mohanan@in.ibm.com>
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 3 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, see <http://www.gnu.org/licenses/>.
21 */
22
23 #include "includes.h"
24 #include "smbd/smbd.h"
25 #include "librpc/gen_ndr/ndr_xattr.h"
26 #include "include/smbprofile.h"
27 #include "modules/non_posix_acls.h"
28 #include "libcli/security/security.h"
29 #include "nfs4_acls.h"
30 #include "system/filesys.h"
31 #include "auth.h"
32 #include "lib/util/tevent_unix.h"
33 #include "lib/util/gpfswrap.h"
34
35 #undef DBGC_CLASS
36 #define DBGC_CLASS DBGC_VFS
37
38 #ifndef GPFS_GETACL_NATIVE
39 #define GPFS_GETACL_NATIVE 0x00000004
40 #endif
41
42 struct gpfs_config_data {
43 bool sharemodes;
44 bool leases;
45 bool hsm;
46 bool syncio;
47 bool winattr;
48 bool ftruncate;
49 bool getrealfilename;
50 bool dfreequota;
51 bool prealloc;
52 bool acl;
53 bool settimes;
54 bool recalls;
55 };
56
57 static inline unsigned int gpfs_acl_flags(gpfs_acl_t *gacl)
58 {
59 if (gacl->acl_level == GPFS_ACL_LEVEL_V4FLAGS) {
60 return gacl->v4Level1.acl_flags;
61 }
62 return 0;
63 }
64
65 static inline gpfs_ace_v4_t *gpfs_ace_ptr(gpfs_acl_t *gacl, unsigned int i)
66 {
67 if (gacl->acl_level == GPFS_ACL_LEVEL_V4FLAGS) {
68 return &gacl->v4Level1.ace_v4[i];
69 }
70 return &gacl->ace_v4[i];
71 }
72
73 static bool set_gpfs_sharemode(files_struct *fsp, uint32_t access_mask,
74 uint32_t share_access)
75 {
76 unsigned int allow = GPFS_SHARE_NONE;
77 unsigned int deny = GPFS_DENY_NONE;
78 int result;
79
80 if ((fsp == NULL) || (fsp->fh == NULL) || (fsp->fh->fd < 0)) {
81 /* No real file, don't disturb */
82 return True;
83 }
84
85 allow |= (access_mask & (FILE_WRITE_DATA|FILE_APPEND_DATA|
86 DELETE_ACCESS)) ? GPFS_SHARE_WRITE : 0;
87 allow |= (access_mask & (FILE_READ_DATA|FILE_EXECUTE)) ?
88 GPFS_SHARE_READ : 0;
89
90 if (allow == GPFS_SHARE_NONE) {
91 DEBUG(10, ("special case am=no_access:%x\n",access_mask));
92 }
93 else {
94 deny |= (share_access & FILE_SHARE_WRITE) ?
95 0 : GPFS_DENY_WRITE;
96 deny |= (share_access & (FILE_SHARE_READ)) ?
97 0 : GPFS_DENY_READ;
98 }
99 DEBUG(10, ("am=%x, allow=%d, sa=%x, deny=%d\n",
100 access_mask, allow, share_access, deny));
101
102 result = gpfswrap_set_share(fsp->fh->fd, allow, deny);
103 if (result != 0) {
104 if (errno == ENOSYS) {
105 DEBUG(5, ("VFS module vfs_gpfs loaded, but gpfs "
106 "set_share function support not available. "
107 "Allowing access\n"));
108 return True;
109 } else {
110 DEBUG(10, ("gpfs_set_share failed: %s\n",
111 strerror(errno)));
112 }
113 }
114
115 return (result == 0);
116 }
117
118 static int vfs_gpfs_kernel_flock(vfs_handle_struct *handle, files_struct *fsp,
119 uint32_t share_mode, uint32_t access_mask)
120 {
121
122 struct gpfs_config_data *config;
123 int ret = 0;
124
125 SMB_VFS_HANDLE_GET_DATA(handle, config,
126 struct gpfs_config_data,
127 return -1);
128
129 if(!config->sharemodes) {
130 return 0;
131 }
132
133 /*
134 * A named stream fsp will have the basefile open in the fsp
135 * fd, so lacking a distinct fd for the stream we have to skip
136 * kernel_flock and set_gpfs_sharemode for stream.
137 */
138 if (!is_ntfs_default_stream_smb_fname(fsp->fsp_name)) {
139 DEBUG(2,("%s: kernel_flock on stream\n", fsp_str_dbg(fsp)));
140 return 0;
141 }
142
143 START_PROFILE(syscall_kernel_flock);
144
145 kernel_flock(fsp->fh->fd, share_mode, access_mask);
146
147 if (!set_gpfs_sharemode(fsp, access_mask, fsp->share_access)) {
148 ret = -1;
149 }
150
151 END_PROFILE(syscall_kernel_flock);
152
153 return ret;
154 }
155
156 static int vfs_gpfs_close(vfs_handle_struct *handle, files_struct *fsp)
157 {
158
159 struct gpfs_config_data *config;
160
161 SMB_VFS_HANDLE_GET_DATA(handle, config,
162 struct gpfs_config_data,
163 return -1);
164
165 if (config->sharemodes && (fsp->fh != NULL) && (fsp->fh->fd != -1)) {
166 set_gpfs_sharemode(fsp, 0, 0);
167 }
168
169 return SMB_VFS_NEXT_CLOSE(handle, fsp);
170 }
171
172 static int set_gpfs_lease(int fd, int leasetype)
173 {
174 int gpfs_type = GPFS_LEASE_NONE;
175
176 if (leasetype == F_RDLCK) {
177 gpfs_type = GPFS_LEASE_READ;
178 }
179 if (leasetype == F_WRLCK) {
180 gpfs_type = GPFS_LEASE_WRITE;
181 }
182
183 /* we unconditionally set CAP_LEASE, rather than looking for
184 -1/EACCES as there is a bug in some versions of
185 libgpfs_gpl.so which results in a leaked fd on /dev/ss0
186 each time we try this with the wrong capabilities set
187 */
188 linux_set_lease_capability();
189 return gpfswrap_set_lease(fd, gpfs_type);
190 }
191
192 static int vfs_gpfs_setlease(vfs_handle_struct *handle, files_struct *fsp,
193 int leasetype)
194 {
195 struct gpfs_config_data *config;
196 int ret=0;
197
198 SMB_VFS_HANDLE_GET_DATA(handle, config,
199 struct gpfs_config_data,
200 return -1);
201
202 START_PROFILE(syscall_linux_setlease);
203
204 if (linux_set_lease_sighandler(fsp->fh->fd) == -1) {
205 ret = -1;
206 goto failure;
207 }
208
209 if (config->leases) {
210 /*
211 * Ensure the lease owner is root to allow
212 * correct delivery of lease-break signals.
213 */
214 become_root();
215 ret = set_gpfs_lease(fsp->fh->fd,leasetype);
216 unbecome_root();
217 }
218
219 failure:
220 END_PROFILE(syscall_linux_setlease);
221
222 return ret;
223 }
224
225 static int vfs_gpfs_get_real_filename(struct vfs_handle_struct *handle,
226 const char *path,
227 const char *name,
228 TALLOC_CTX *mem_ctx,
229 char **found_name)
230 {
231 int result;
232 char *full_path;
233 char real_pathname[PATH_MAX+1];
234 int buflen;
235 bool mangled;
236 struct gpfs_config_data *config;
237
238 SMB_VFS_HANDLE_GET_DATA(handle, config,
239 struct gpfs_config_data,
240 return -1);
241
242 if (!config->getrealfilename) {
243 return SMB_VFS_NEXT_GET_REAL_FILENAME(handle, path, name,
244 mem_ctx, found_name);
245 }
246
247 mangled = mangle_is_mangled(name, handle->conn->params);
248 if (mangled) {
249 return SMB_VFS_NEXT_GET_REAL_FILENAME(handle, path, name,
250 mem_ctx, found_name);
251 }
252
253 full_path = talloc_asprintf(talloc_tos(), "%s/%s", path, name);
254 if (full_path == NULL) {
255 errno = ENOMEM;
256 return -1;
257 }
258
259 buflen = sizeof(real_pathname) - 1;
260
261 result = gpfswrap_get_realfilename_path(full_path, real_pathname,
262 &buflen);
263
264 TALLOC_FREE(full_path);
265
266 if ((result == -1) && (errno == ENOSYS)) {
267 return SMB_VFS_NEXT_GET_REAL_FILENAME(
268 handle, path, name, mem_ctx, found_name);
269 }
270
271 if (result == -1) {
272 DEBUG(10, ("smbd_gpfs_get_realfilename_path returned %s\n",
273 strerror(errno)));
274 return -1;
275 }
276
277 /*
278 * GPFS does not necessarily null-terminate the returned path
279 * but instead returns the buffer length in buflen.
280 */
281
282 if (buflen < sizeof(real_pathname)) {
283 real_pathname[buflen] = '\0';
284 } else {
285 real_pathname[sizeof(real_pathname)-1] = '\0';
286 }
287
288 DEBUG(10, ("smbd_gpfs_get_realfilename_path: %s/%s -> %s\n",
289 path, name, real_pathname));
290
291 name = strrchr_m(real_pathname, '/');
292 if (name == NULL) {
293 errno = ENOENT;
294 return -1;
295 }
296
297 *found_name = talloc_strdup(mem_ctx, name+1);
298 if (*found_name == NULL) {
299 errno = ENOMEM;
300 return -1;
301 }
302
303 return 0;
304 }
305
306 static void sd2gpfs_control(uint16_t control, struct gpfs_acl *gacl)
307 {
308 unsigned int gpfs_aclflags = 0;
309 control &= SEC_DESC_DACL_PROTECTED | SEC_DESC_SACL_PROTECTED |
310 SEC_DESC_DACL_AUTO_INHERITED | SEC_DESC_SACL_AUTO_INHERITED |
311 SEC_DESC_DACL_DEFAULTED | SEC_DESC_SACL_DEFAULTED |
312 SEC_DESC_DACL_PRESENT | SEC_DESC_SACL_PRESENT;
313 gpfs_aclflags = control << 8;
314 if (!(control & SEC_DESC_DACL_PRESENT))
315 gpfs_aclflags |= ACL4_FLAG_NULL_DACL;
316 if (!(control & SEC_DESC_SACL_PRESENT))
317 gpfs_aclflags |= ACL4_FLAG_NULL_SACL;
318 gacl->acl_level = GPFS_ACL_LEVEL_V4FLAGS;
319 gacl->v4Level1.acl_flags = gpfs_aclflags;
320 }
321
322 static uint16_t gpfs2sd_control(unsigned int gpfs_aclflags)
323 {
324 uint16_t control = gpfs_aclflags >> 8;
325 control &= SEC_DESC_DACL_PROTECTED | SEC_DESC_SACL_PROTECTED |
326 SEC_DESC_DACL_AUTO_INHERITED | SEC_DESC_SACL_AUTO_INHERITED |
327 SEC_DESC_DACL_DEFAULTED | SEC_DESC_SACL_DEFAULTED |
328 SEC_DESC_DACL_PRESENT | SEC_DESC_SACL_PRESENT;
329 control |= SEC_DESC_SELF_RELATIVE;
330 return control;
331 }
332
333 static void gpfs_dumpacl(int level, struct gpfs_acl *gacl)
334 {
335 gpfs_aclCount_t i;
336 if (gacl==NULL)
337 {
338 DEBUG(0, ("gpfs acl is NULL\n"));
339 return;
340 }
341
342 DEBUG(level, ("len: %d, level: %d, version: %d, nace: %d, "
343 "control: %x\n",
344 gacl->acl_len, gacl->acl_level, gacl->acl_version,
345 gacl->acl_nace, gpfs_acl_flags(gacl)));
346
347 for(i=0; i<gacl->acl_nace; i++)
348 {
349 struct gpfs_ace_v4 *gace = gpfs_ace_ptr(gacl, i);
350 DEBUG(level, ("\tace[%d]: type:%d, flags:0x%x, mask:0x%x, "
351 "iflags:0x%x, who:%u\n",
352 i, gace->aceType, gace->aceFlags, gace->aceMask,
353 gace->aceIFlags, gace->aceWho));
354 }
355 }
356
357 /*
358 * get the ACL from GPFS, allocated on the specified mem_ctx
359 * internally retries when initial buffer was too small
360 *
361 * caller needs to cast result to either
362 * raw = yes: struct gpfs_opaque_acl
363 * raw = no: struct gpfs_acl
364 *
365 */
366 static void *vfs_gpfs_getacl(TALLOC_CTX *mem_ctx,
367 const char *fname,
368 const bool raw,
369 const gpfs_aclType_t type)
370 {
371
372 void *aclbuf;
373 size_t size = 512;
374 int ret, flags;
375 unsigned int *len;
376 size_t struct_size;
377
378 again:
379
380 aclbuf = talloc_zero_size(mem_ctx, size);
381 if (aclbuf == NULL) {
382 errno = ENOMEM;
383 return NULL;
384 }
385
386 if (raw) {
387 struct gpfs_opaque_acl *buf = (struct gpfs_opaque_acl *) aclbuf;
388 buf->acl_type = type;
389 flags = GPFS_GETACL_NATIVE;
390 len = (unsigned int *) &(buf->acl_buffer_len);
391 struct_size = sizeof(struct gpfs_opaque_acl);
392 } else {
393 struct gpfs_acl *buf = (struct gpfs_acl *) aclbuf;
394 buf->acl_type = type;
395 buf->acl_level = GPFS_ACL_LEVEL_V4FLAGS;
396 flags = GPFS_GETACL_STRUCT;
397 len = &(buf->acl_len);
398 /* reserve space for control flags in gpfs 3.5 and beyond */
399 struct_size = sizeof(struct gpfs_acl) + sizeof(unsigned int);
400 }
401
402 /* set the length of the buffer as input value */
403 *len = size;
404
405 errno = 0;
406 ret = gpfswrap_getacl(discard_const_p(char, fname), flags, aclbuf);
407 if ((ret != 0) && (errno == ENOSPC)) {
408 /*
409 * get the size needed to accommodate the complete buffer
410 *
411 * the value returned only applies to the ACL blob in the
412 * struct so make sure to also have headroom for the first
413 * struct members by adding room for the complete struct
414 * (might be a few bytes too much then)
415 */
416 size = *len + struct_size;
417 talloc_free(aclbuf);
418 DEBUG(10, ("Increasing ACL buffer size to %zu\n", size));
419 goto again;
420 }
421
422 if (ret != 0) {
423 DEBUG(5, ("smbd_gpfs_getacl failed with %s\n",
424 strerror(errno)));
425 talloc_free(aclbuf);
426 return NULL;
427 }
428
429 return aclbuf;
430 }
431
432 /* Tries to get nfs4 acls and returns SMB ACL allocated.
433 * On failure returns 1 if it got non-NFSv4 ACL to prompt
434 * retry with POSIX ACL checks.
435 * On failure returns -1 if there is system (GPFS) error, check errno.
436 * Returns 0 on success
437 */
438 static int gpfs_get_nfs4_acl(TALLOC_CTX *mem_ctx, const char *fname, SMB4ACL_T **ppacl)
439 {
440 gpfs_aclCount_t i;
441 struct gpfs_acl *gacl = NULL;
442 DEBUG(10, ("gpfs_get_nfs4_acl invoked for %s\n", fname));
443
444 /* Get the ACL */
445 gacl = (struct gpfs_acl*) vfs_gpfs_getacl(talloc_tos(), fname,
446 false, 0);
447 if (gacl == NULL) {
448 DEBUG(9, ("gpfs_getacl failed for %s with %s\n",
449 fname, strerror(errno)));
450 if (errno == ENODATA) {
451 /*
452 * GPFS returns ENODATA for snapshot
453 * directories. Retry with POSIX ACLs check.
454 */
455 return 1;
456 }
457
458 return -1;
459 }
460
461 if (gacl->acl_type != GPFS_ACL_TYPE_NFS4) {
462 DEBUG(10, ("Got non-nfsv4 acl\n"));
463 /* Retry with POSIX ACLs check */
464 talloc_free(gacl);
465 return 1;
466 }
467
468 *ppacl = smb_create_smb4acl(mem_ctx);
469
470 if (gacl->acl_level == GPFS_ACL_LEVEL_V4FLAGS) {
471 uint16_t control = gpfs2sd_control(gpfs_acl_flags(gacl));
472 smbacl4_set_controlflags(*ppacl, control);
473 }
474
475 DEBUG(10, ("len: %d, level: %d, version: %d, nace: %d, control: %x\n",
476 gacl->acl_len, gacl->acl_level, gacl->acl_version,
477 gacl->acl_nace, gpfs_acl_flags(gacl)));
478
479 for (i=0; i<gacl->acl_nace; i++) {
480 struct gpfs_ace_v4 *gace = gpfs_ace_ptr(gacl, i);
481 SMB_ACE4PROP_T smbace = { 0 };
482 DEBUG(10, ("type: %d, iflags: %x, flags: %x, mask: %x, "
483 "who: %d\n", gace->aceType, gace->aceIFlags,
484 gace->aceFlags, gace->aceMask, gace->aceWho));
485
486 if (gace->aceIFlags & ACE4_IFLAG_SPECIAL_ID) {
487 smbace.flags |= SMB_ACE4_ID_SPECIAL;
488 switch (gace->aceWho) {
489 case ACE4_SPECIAL_OWNER:
490 smbace.who.special_id = SMB_ACE4_WHO_OWNER;
491 break;
492 case ACE4_SPECIAL_GROUP:
493 smbace.who.special_id = SMB_ACE4_WHO_GROUP;
494 break;
495 case ACE4_SPECIAL_EVERYONE:
496 smbace.who.special_id = SMB_ACE4_WHO_EVERYONE;
497 break;
498 default:
499 DEBUG(8, ("invalid special gpfs id %d "
500 "ignored\n", gace->aceWho));
501 continue; /* don't add it */
502 }
503 } else {
504 if (gace->aceFlags & ACE4_FLAG_GROUP_ID)
505 smbace.who.gid = gace->aceWho;
506 else
507 smbace.who.uid = gace->aceWho;
508 }
509
510 /* remove redundant deny entries */
511 if (i > 0 && gace->aceType == SMB_ACE4_ACCESS_DENIED_ACE_TYPE) {
512 struct gpfs_ace_v4 *prev = gpfs_ace_ptr(gacl, i - 1);
513 if (prev->aceType == SMB_ACE4_ACCESS_ALLOWED_ACE_TYPE &&
514 prev->aceFlags == gace->aceFlags &&
515 prev->aceIFlags == gace->aceIFlags &&
516 (gace->aceMask & prev->aceMask) == 0 &&
517 gace->aceWho == prev->aceWho) {
518 /* it's redundant - skip it */
519 continue;
520 }
521 }
522
523 smbace.aceType = gace->aceType;
524 smbace.aceFlags = gace->aceFlags;
525 smbace.aceMask = gace->aceMask;
526 smb_add_ace4(*ppacl, &smbace);
527 }
528
529 talloc_free(gacl);
530
531 return 0;
532 }
533
534 static NTSTATUS gpfsacl_fget_nt_acl(vfs_handle_struct *handle,
535 files_struct *fsp, uint32_t security_info,
536 TALLOC_CTX *mem_ctx,
537 struct security_descriptor **ppdesc)
538 {
539 SMB4ACL_T *pacl = NULL;
540 int result;
541 struct gpfs_config_data *config;
542 TALLOC_CTX *frame = talloc_stackframe();
543 NTSTATUS status;
544
545 *ppdesc = NULL;
546
547 SMB_VFS_HANDLE_GET_DATA(handle, config,
548 struct gpfs_config_data,
549 return NT_STATUS_INTERNAL_ERROR);
550
551 if (!config->acl) {
552 status = SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, security_info,
553 mem_ctx, ppdesc);
554 TALLOC_FREE(frame);
555 return status;
556 }
557
558 result = gpfs_get_nfs4_acl(frame, fsp->fsp_name->base_name, &pacl);
559
560 if (result == 0) {
561 status = smb_fget_nt_acl_nfs4(fsp, security_info, mem_ctx,
562 ppdesc, pacl);
563 TALLOC_FREE(frame);
564 return status;
565 }
566
567 if (result > 0) {
568 DEBUG(10, ("retrying with posix acl...\n"));
569 status = posix_fget_nt_acl(fsp, security_info,
570 mem_ctx, ppdesc);
571 TALLOC_FREE(frame);
572 return status;
573 }
574
575 TALLOC_FREE(frame);
576
577 /* GPFS ACL was not read, something wrong happened, error code is set in errno */
578 return map_nt_error_from_unix(errno);
579 }
580
581 static NTSTATUS gpfsacl_get_nt_acl(vfs_handle_struct *handle,
582 const char *name,
583 uint32_t security_info,
584 TALLOC_CTX *mem_ctx, struct security_descriptor **ppdesc)
585 {
586 SMB4ACL_T *pacl = NULL;
587 int result;
588 struct gpfs_config_data *config;
589 TALLOC_CTX *frame = talloc_stackframe();
590 NTSTATUS status;
591
592 *ppdesc = NULL;
593
594 SMB_VFS_HANDLE_GET_DATA(handle, config,
595 struct gpfs_config_data,
596 return NT_STATUS_INTERNAL_ERROR);
597
598 if (!config->acl) {
599 status = SMB_VFS_NEXT_GET_NT_ACL(handle, name, security_info,
600 mem_ctx, ppdesc);
601 TALLOC_FREE(frame);
602 return status;
603 }
604
605 result = gpfs_get_nfs4_acl(frame, name, &pacl);
606
607 if (result == 0) {
608 status = smb_get_nt_acl_nfs4(handle->conn, name, security_info,
609 mem_ctx, ppdesc, pacl);
610 TALLOC_FREE(frame);
611 return status;
612 }
613
614 if (result > 0) {
615 DEBUG(10, ("retrying with posix acl...\n"));
616 status = posix_get_nt_acl(handle->conn, name, security_info,
617 mem_ctx, ppdesc);
618 TALLOC_FREE(frame);
619 return status;
620 }
621
622 /* GPFS ACL was not read, something wrong happened, error code is set in errno */
623 TALLOC_FREE(frame);
624 return map_nt_error_from_unix(errno);
625 }
626
627 static struct gpfs_acl *vfs_gpfs_smbacl2gpfsacl(TALLOC_CTX *mem_ctx,
628 files_struct *fsp,
629 SMB4ACL_T *smbacl,
630 bool controlflags)
631 {
632 struct gpfs_acl *gacl;
633 gpfs_aclLen_t gacl_len;
634 SMB4ACE_T *smbace;
635
636 gacl_len = offsetof(gpfs_acl_t, ace_v4) + sizeof(unsigned int)
637 + smb_get_naces(smbacl) * sizeof(gpfs_ace_v4_t);
638
639 gacl = (struct gpfs_acl *)TALLOC_SIZE(mem_ctx, gacl_len);
640 if (gacl == NULL) {
641 DEBUG(0, ("talloc failed\n"));
642 errno = ENOMEM;
643 return NULL;
644 }
645
646 gacl->acl_level = GPFS_ACL_LEVEL_BASE;
647 gacl->acl_version = GPFS_ACL_VERSION_NFS4;
648 gacl->acl_type = GPFS_ACL_TYPE_NFS4;
649 gacl->acl_nace = 0; /* change later... */
650
651 if (controlflags) {
652 gacl->acl_level = GPFS_ACL_LEVEL_V4FLAGS;
653 sd2gpfs_control(smbacl4_get_controlflags(smbacl), gacl);
654 }
655
656 for (smbace=smb_first_ace4(smbacl); smbace!=NULL; smbace = smb_next_ace4(smbace)) {
657 struct gpfs_ace_v4 *gace = gpfs_ace_ptr(gacl, gacl->acl_nace);
658 SMB_ACE4PROP_T *aceprop = smb_get_ace4(smbace);
659
660 gace->aceType = aceprop->aceType;
661 gace->aceFlags = aceprop->aceFlags;
662 gace->aceMask = aceprop->aceMask;
663
664 /*
665 * GPFS can't distinguish between WRITE and APPEND on
666 * files, so one being set without the other is an
667 * error. Sorry for the many ()'s :-)
668 */
669
670 if (!fsp->is_directory
671 &&
672 ((((gace->aceMask & ACE4_MASK_WRITE) == 0)
673 && ((gace->aceMask & ACE4_MASK_APPEND) != 0))
674 ||
675 (((gace->aceMask & ACE4_MASK_WRITE) != 0)
676 && ((gace->aceMask & ACE4_MASK_APPEND) == 0)))
677 &&
678 lp_parm_bool(fsp->conn->params->service, "gpfs",
679 "merge_writeappend", True)) {
680 DEBUG(2, ("vfs_gpfs.c: file [%s]: ACE contains "
681 "WRITE^APPEND, setting WRITE|APPEND\n",
682 fsp_str_dbg(fsp)));
683 gace->aceMask |= ACE4_MASK_WRITE|ACE4_MASK_APPEND;
684 }
685
686 gace->aceIFlags = (aceprop->flags&SMB_ACE4_ID_SPECIAL) ? ACE4_IFLAG_SPECIAL_ID : 0;
687
688 if (aceprop->flags&SMB_ACE4_ID_SPECIAL)
689 {
690 switch(aceprop->who.special_id)
691 {
692 case SMB_ACE4_WHO_EVERYONE:
693 gace->aceWho = ACE4_SPECIAL_EVERYONE;
694 break;
695 case SMB_ACE4_WHO_OWNER:
696 gace->aceWho = ACE4_SPECIAL_OWNER;
697 break;
698 case SMB_ACE4_WHO_GROUP:
699 gace->aceWho = ACE4_SPECIAL_GROUP;
700 break;
701 default:
702 DEBUG(8, ("unsupported special_id %d\n", aceprop->who.special_id));
703 continue; /* don't add it !!! */
704 }
705 } else {
706 /* just only for the type safety... */
707 if (aceprop->aceFlags&SMB_ACE4_IDENTIFIER_GROUP)
708 gace->aceWho = aceprop->who.gid;
709 else
710 gace->aceWho = aceprop->who.uid;
711 }
712
713 gacl->acl_nace++;
714 }
715 gacl->acl_len = (char *)gpfs_ace_ptr(gacl, gacl->acl_nace)
716 - (char *)gacl;
717 return gacl;
718 }
719
720 static bool gpfsacl_process_smbacl(vfs_handle_struct *handle,
721 files_struct *fsp,
722 SMB4ACL_T *smbacl)
723 {
724 int ret;
725 struct gpfs_acl *gacl;
726 TALLOC_CTX *mem_ctx = talloc_tos();
727
728 gacl = vfs_gpfs_smbacl2gpfsacl(mem_ctx, fsp, smbacl, true);
729 if (gacl == NULL) { /* out of memory */
730 return False;
731 }
732 ret = gpfswrap_putacl(fsp->fsp_name->base_name,
733 GPFS_PUTACL_STRUCT | GPFS_ACL_SAMBA, gacl);
734
735 if ((ret != 0) && (errno == EINVAL)) {
736 DEBUG(10, ("Retry without nfs41 control flags\n"));
737 talloc_free(gacl);
738 gacl = vfs_gpfs_smbacl2gpfsacl(mem_ctx, fsp, smbacl, false);
739 if (gacl == NULL) { /* out of memory */
740 return False;
741 }
742 ret = gpfswrap_putacl(fsp->fsp_name->base_name,
743 GPFS_PUTACL_STRUCT | GPFS_ACL_SAMBA,
744 gacl);
745 }
746
747 if (ret != 0) {
748 DEBUG(8, ("gpfs_putacl failed with %s\n", strerror(errno)));
749 gpfs_dumpacl(8, gacl);
750 return False;
751 }
752
753 DEBUG(10, ("gpfs_putacl succeeded\n"));
754 return True;
755 }
756
757 static NTSTATUS gpfsacl_set_nt_acl_internal(vfs_handle_struct *handle, files_struct *fsp, uint32_t security_info_sent, const struct security_descriptor *psd)
758 {
759 struct gpfs_acl *acl;
760 NTSTATUS result = NT_STATUS_ACCESS_DENIED;
761
762 acl = (struct gpfs_acl*) vfs_gpfs_getacl(talloc_tos(),
763 fsp->fsp_name->base_name,
764 false, 0);
765 if (acl == NULL) {
766 return map_nt_error_from_unix(errno);
767 }
768
769 if (acl->acl_version == GPFS_ACL_VERSION_NFS4) {
770 if (lp_parm_bool(fsp->conn->params->service, "gpfs",
771 "refuse_dacl_protected", false)
772 && (psd->type&SEC_DESC_DACL_PROTECTED)) {
773 DEBUG(2, ("Rejecting unsupported ACL with DACL_PROTECTED bit set\n"));
774 talloc_free(acl);
775 return NT_STATUS_NOT_SUPPORTED;
776 }
777
778 result = smb_set_nt_acl_nfs4(handle,
779 fsp, security_info_sent, psd,
780 gpfsacl_process_smbacl);
781 } else { /* assume POSIX ACL - by default... */
782 result = set_nt_acl(fsp, security_info_sent, psd);
783 }
784
785 talloc_free(acl);
786 return result;
787 }
788
789 static NTSTATUS gpfsacl_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, uint32_t security_info_sent, const struct security_descriptor *psd)
790 {
791 struct gpfs_config_data *config;
792
793 SMB_VFS_HANDLE_GET_DATA(handle, config,
794 struct gpfs_config_data,
795 return NT_STATUS_INTERNAL_ERROR);
796
797 if (!config->acl) {
798 return SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd);
799 }
800
801 return gpfsacl_set_nt_acl_internal(handle, fsp, security_info_sent, psd);
802 }
803
804 static SMB_ACL_T gpfs2smb_acl(const struct gpfs_acl *pacl, TALLOC_CTX *mem_ctx)
805 {
806 SMB_ACL_T result;
807 gpfs_aclCount_t i;
808
809 result = sys_acl_init(mem_ctx);
810 if (result == NULL) {
811 errno = ENOMEM;
812 return NULL;
813 }
814
815 result->count = pacl->acl_nace;
816 result->acl = talloc_realloc(result, result->acl, struct smb_acl_entry,
817 result->count);
818 if (result->acl == NULL) {
819 TALLOC_FREE(result);
820 errno = ENOMEM;
821 return NULL;
822 }
823
824 for (i=0; i<pacl->acl_nace; i++) {
825 struct smb_acl_entry *ace = &result->acl[i];
826 const struct gpfs_ace_v1 *g_ace = &pacl->ace_v1[i];
827
828 DEBUG(10, ("Converting type %d id %lu perm %x\n",
829 (int)g_ace->ace_type, (unsigned long)g_ace->ace_who,
830 (int)g_ace->ace_perm));
831
832 switch (g_ace->ace_type) {
833 case GPFS_ACL_USER:
834 ace->a_type = SMB_ACL_USER;
835 ace->info.user.uid = (uid_t)g_ace->ace_who;
836 break;
837 case GPFS_ACL_USER_OBJ:
838 ace->a_type = SMB_ACL_USER_OBJ;
839 break;
840 case GPFS_ACL_GROUP:
841 ace->a_type = SMB_ACL_GROUP;
842 ace->info.group.gid = (gid_t)g_ace->ace_who;
843 break;
844 case GPFS_ACL_GROUP_OBJ:
845 ace->a_type = SMB_ACL_GROUP_OBJ;
846 break;
847 case GPFS_ACL_OTHER:
848 ace->a_type = SMB_ACL_OTHER;
849 break;
850 case GPFS_ACL_MASK:
851 ace->a_type = SMB_ACL_MASK;
852 break;
853 default:
854 DEBUG(10, ("Got invalid ace_type: %d\n",
855 g_ace->ace_type));
856 TALLOC_FREE(result);
857 errno = EINVAL;
858 return NULL;
859 }
860
861 ace->a_perm = 0;
862 ace->a_perm |= (g_ace->ace_perm & ACL_PERM_READ) ?
863 SMB_ACL_READ : 0;
864 ace->a_perm |= (g_ace->ace_perm & ACL_PERM_WRITE) ?
865 SMB_ACL_WRITE : 0;
866 ace->a_perm |= (g_ace->ace_perm & ACL_PERM_EXECUTE) ?
867 SMB_ACL_EXECUTE : 0;
868
869 DEBUGADD(10, ("Converted to %d perm %x\n",
870 ace->a_type, ace->a_perm));
871 }
872
873 return result;
874 }
875
876 static SMB_ACL_T gpfsacl_get_posix_acl(const char *path, gpfs_aclType_t type,
877 TALLOC_CTX *mem_ctx)
878 {
879 struct gpfs_acl *pacl;
880 SMB_ACL_T result = NULL;
881
882 pacl = vfs_gpfs_getacl(talloc_tos(), path, false, type);
883
884 if (pacl == NULL) {
885 DEBUG(10, ("vfs_gpfs_getacl failed for %s with %s\n",
886 path, strerror(errno)));
887 if (errno == 0) {
888 errno = EINVAL;
889 }
890 goto done;
891 }
892
893 if (pacl->acl_version != GPFS_ACL_VERSION_POSIX) {
894 DEBUG(10, ("Got acl version %d, expected %d\n",
895 pacl->acl_version, GPFS_ACL_VERSION_POSIX));
896 errno = EINVAL;
897 goto done;
898 }
899
900 DEBUG(10, ("len: %d, level: %d, version: %d, nace: %d\n",
901 pacl->acl_len, pacl->acl_level, pacl->acl_version,
902 pacl->acl_nace));
903
904 result = gpfs2smb_acl(pacl, mem_ctx);
905 if (result != NULL) {
906 errno = 0;
907 }
908
909 done:
910
911 if (pacl != NULL) {
912 talloc_free(pacl);
913 }
914 if (errno != 0) {
915 TALLOC_FREE(result);
916 }
917 return result;
918 }
919
920 static SMB_ACL_T gpfsacl_sys_acl_get_file(vfs_handle_struct *handle,
921 const char *path_p,
922 SMB_ACL_TYPE_T type,
923 TALLOC_CTX *mem_ctx)
924 {
925 gpfs_aclType_t gpfs_type;
926 struct gpfs_config_data *config;
927
928 SMB_VFS_HANDLE_GET_DATA(handle, config,
929 struct gpfs_config_data,
930 return NULL);
931
932 if (!config->acl) {
933 return SMB_VFS_NEXT_SYS_ACL_GET_FILE(handle, path_p,
934 type, mem_ctx);
935 }
936
937 switch(type) {
938 case SMB_ACL_TYPE_ACCESS:
939 gpfs_type = GPFS_ACL_TYPE_ACCESS;
940 break;
941 case SMB_ACL_TYPE_DEFAULT:
942 gpfs_type = GPFS_ACL_TYPE_DEFAULT;
943 break;
944 default:
945 DEBUG(0, ("Got invalid type: %d\n", type));
946 smb_panic("exiting");
947 }
948
949 return gpfsacl_get_posix_acl(path_p, gpfs_type, mem_ctx);
950 }
951
952 static SMB_ACL_T gpfsacl_sys_acl_get_fd(vfs_handle_struct *handle,
953 files_struct *fsp,
954 TALLOC_CTX *mem_ctx)
955 {
956 struct gpfs_config_data *config;
957
958 SMB_VFS_HANDLE_GET_DATA(handle, config,
959 struct gpfs_config_data,
960 return NULL);
961
962 if (!config->acl) {
963 return SMB_VFS_NEXT_SYS_ACL_GET_FD(handle, fsp, mem_ctx);
964 }
965
966 return gpfsacl_get_posix_acl(fsp->fsp_name->base_name,
967 GPFS_ACL_TYPE_ACCESS, mem_ctx);
968 }
969
970 static int gpfsacl_sys_acl_blob_get_file(vfs_handle_struct *handle,
971 const char *path_p,
972 TALLOC_CTX *mem_ctx,
973 char **blob_description,
974 DATA_BLOB *blob)
975 {
976 struct gpfs_config_data *config;
977 struct gpfs_opaque_acl *acl = NULL;
978 DATA_BLOB aclblob;
979 int result;
980
981 SMB_VFS_HANDLE_GET_DATA(handle, config,
982 struct gpfs_config_data,
983 return -1);
984
985 if (!config->acl) {
986 return SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FILE(handle, path_p,
987 mem_ctx,
988 blob_description,
989 blob);
990 }
991
992 errno = 0;
993 acl = (struct gpfs_opaque_acl *)
994 vfs_gpfs_getacl(mem_ctx,
995 path_p,
996 true,
997 GPFS_ACL_TYPE_NFS4);
998
999 if (errno) {
1000 DEBUG(5, ("vfs_gpfs_getacl finished with errno %d: %s\n",
1001 errno, strerror(errno)));
1002
1003 /* EINVAL means POSIX ACL, bail out on other cases */
1004 if (errno != EINVAL) {
1005 return -1;
1006 }
1007 }
1008
1009 if (acl != NULL) {
1010 /*
1011 * file has NFSv4 ACL
1012 *
1013 * we only need the actual ACL blob here
1014 * acl_version will always be NFS4 because we asked
1015 * for NFS4
1016 * acl_type is only used for POSIX ACLs
1017 */
1018 aclblob.data = (uint8_t*) acl->acl_var_data;
1019 aclblob.length = acl->acl_buffer_len;
1020
1021 *blob_description = talloc_strdup(mem_ctx, "gpfs_nfs4_acl");
1022 if (!*blob_description) {
1023 talloc_free(acl);
1024 errno = ENOMEM;
1025 return -1;
1026 }
1027
1028 result = non_posix_sys_acl_blob_get_file_helper(handle, path_p,
1029 aclblob,
1030 mem_ctx, blob);
1031
1032 talloc_free(acl);
1033 return result;
1034 }
1035
1036 /* fall back to POSIX ACL */
1037 return posix_sys_acl_blob_get_file(handle, path_p, mem_ctx,
1038 blob_description, blob);
1039 }
1040
1041 static int gpfsacl_sys_acl_blob_get_fd(vfs_handle_struct *handle,
1042 files_struct *fsp,
1043 TALLOC_CTX *mem_ctx,
1044 char **blob_description,
1045 DATA_BLOB *blob)
1046 {
1047 struct gpfs_config_data *config;
1048 struct gpfs_opaque_acl *acl = NULL;
1049 DATA_BLOB aclblob;
1050 int result;
1051
1052 SMB_VFS_HANDLE_GET_DATA(handle, config,
1053 struct gpfs_config_data,
1054 return -1);
1055
1056 if (!config->acl) {
1057 return SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FD(handle, fsp, mem_ctx,
1058 blob_description, blob);
1059 }
1060
1061 errno = 0;
1062 acl = (struct gpfs_opaque_acl *) vfs_gpfs_getacl(mem_ctx,
1063 fsp->fsp_name->base_name,
1064 true,
1065 GPFS_ACL_TYPE_NFS4);
1066
1067 if (errno) {
1068 DEBUG(5, ("vfs_gpfs_getacl finished with errno %d: %s\n",
1069 errno, strerror(errno)));
1070
1071 /* EINVAL means POSIX ACL, bail out on other cases */
1072 if (errno != EINVAL) {
1073 return -1;
1074 }
1075 }
1076
1077 if (acl != NULL) {
1078 /*
1079 * file has NFSv4 ACL
1080 *
1081 * we only need the actual ACL blob here
1082 * acl_version will always be NFS4 because we asked
1083 * for NFS4
1084 * acl_type is only used for POSIX ACLs
1085 */
1086 aclblob.data = (uint8_t*) acl->acl_var_data;
1087 aclblob.length = acl->acl_buffer_len;
1088
1089 *blob_description = talloc_strdup(mem_ctx, "gpfs_nfs4_acl");
1090 if (!*blob_description) {
1091 talloc_free(acl);
1092 errno = ENOMEM;
1093 return -1;
1094 }
1095
1096 result = non_posix_sys_acl_blob_get_fd_helper(handle, fsp,
1097 aclblob, mem_ctx,
1098 blob);
1099
1100 talloc_free(acl);
1101 return result;
1102 }
1103
1104 /* fall back to POSIX ACL */
1105 return posix_sys_acl_blob_get_fd(handle, fsp, mem_ctx,
1106 blob_description, blob);
1107 }
1108
1109 static struct gpfs_acl *smb2gpfs_acl(const SMB_ACL_T pacl,
1110 SMB_ACL_TYPE_T type)
1111 {
1112 gpfs_aclLen_t len;
1113 struct gpfs_acl *result;
1114 int i;
1115
1116 DEBUG(10, ("smb2gpfs_acl: Got ACL with %d entries\n", pacl->count));
1117
1118 len = offsetof(gpfs_acl_t, ace_v1) + (pacl->count) *
1119 sizeof(gpfs_ace_v1_t);
1120
1121 result = (struct gpfs_acl *)SMB_MALLOC(len);
1122 if (result == NULL) {
1123 errno = ENOMEM;
1124 return result;
1125 }
1126
1127 result->acl_len = len;
1128 result->acl_level = 0;
1129 result->acl_version = GPFS_ACL_VERSION_POSIX;
1130 result->acl_type = (type == SMB_ACL_TYPE_DEFAULT) ?
1131 GPFS_ACL_TYPE_DEFAULT : GPFS_ACL_TYPE_ACCESS;
1132 result->acl_nace = pacl->count;
1133
1134 for (i=0; i<pacl->count; i++) {
1135 const struct smb_acl_entry *ace = &pacl->acl[i];
1136 struct gpfs_ace_v1 *g_ace = &result->ace_v1[i];
1137
1138 DEBUG(10, ("Converting type %d perm %x\n",
1139 (int)ace->a_type, (int)ace->a_perm));
1140
1141 g_ace->ace_perm = 0;
1142
1143 switch(ace->a_type) {
1144 case SMB_ACL_USER:
1145 g_ace->ace_type = GPFS_ACL_USER;
1146 g_ace->ace_who = (gpfs_uid_t)ace->info.user.uid;
1147 break;
1148 case SMB_ACL_USER_OBJ:
1149 g_ace->ace_type = GPFS_ACL_USER_OBJ;
1150 g_ace->ace_perm |= ACL_PERM_CONTROL;
1151 g_ace->ace_who = 0;
1152 break;
1153 case SMB_ACL_GROUP:
1154 g_ace->ace_type = GPFS_ACL_GROUP;
1155 g_ace->ace_who = (gpfs_uid_t)ace->info.group.gid;
1156 break;
1157 case SMB_ACL_GROUP_OBJ:
1158 g_ace->ace_type = GPFS_ACL_GROUP_OBJ;
1159 g_ace->ace_who = 0;
1160 break;
1161 case SMB_ACL_MASK:
1162 g_ace->ace_type = GPFS_ACL_MASK;
1163 g_ace->ace_perm = 0x8f;
1164 g_ace->ace_who = 0;
1165 break;
1166 case SMB_ACL_OTHER:
1167 g_ace->ace_type = GPFS_ACL_OTHER;
1168 g_ace->ace_who = 0;
1169 break;
1170 default:
1171 DEBUG(10, ("Got invalid ace_type: %d\n", ace->a_type));
1172 errno = EINVAL;
1173 SAFE_FREE(result);
1174 return NULL;
1175 }
1176
1177 g_ace->ace_perm |= (ace->a_perm & SMB_ACL_READ) ?
1178 ACL_PERM_READ : 0;
1179 g_ace->ace_perm |= (ace->a_perm & SMB_ACL_WRITE) ?
1180 ACL_PERM_WRITE : 0;
1181 g_ace->ace_perm |= (ace->a_perm & SMB_ACL_EXECUTE) ?
1182 ACL_PERM_EXECUTE : 0;
1183
1184 DEBUGADD(10, ("Converted to %d id %d perm %x\n",
1185 g_ace->ace_type, g_ace->ace_who, g_ace->ace_perm));
1186 }
1187
1188 return result;
1189 }
1190
1191 static int gpfsacl_sys_acl_set_file(vfs_handle_struct *handle,
1192 const char *name,
1193 SMB_ACL_TYPE_T type,
1194 SMB_ACL_T theacl)
1195 {
1196 struct gpfs_acl *gpfs_acl;
1197 int result;
1198 struct gpfs_config_data *config;
1199
1200 SMB_VFS_HANDLE_GET_DATA(handle, config,
1201 struct gpfs_config_data,
1202 return -1);
1203
1204 if (!config->acl) {
1205 return SMB_VFS_NEXT_SYS_ACL_SET_FILE(handle, name, type, theacl);
1206 }
1207
1208 gpfs_acl = smb2gpfs_acl(theacl, type);
1209 if (gpfs_acl == NULL) {
1210 return -1;
1211 }
1212
1213 result = gpfswrap_putacl(discard_const_p(char, name),
1214 GPFS_PUTACL_STRUCT|GPFS_ACL_SAMBA, gpfs_acl);
1215
1216 SAFE_FREE(gpfs_acl);
1217 return result;
1218 }
1219
1220 static int gpfsacl_sys_acl_set_fd(vfs_handle_struct *handle,
1221 files_struct *fsp,
1222 SMB_ACL_T theacl)
1223 {
1224 struct gpfs_config_data *config;
1225
1226 SMB_VFS_HANDLE_GET_DATA(handle, config,
1227 struct gpfs_config_data,
1228 return -1);
1229
1230 if (!config->acl) {
1231 return SMB_VFS_NEXT_SYS_ACL_SET_FD(handle, fsp, theacl);
1232 }
1233
1234 return gpfsacl_sys_acl_set_file(handle, fsp->fsp_name->base_name,
1235 SMB_ACL_TYPE_ACCESS, theacl);
1236 }
1237
1238 static int gpfsacl_sys_acl_delete_def_file(vfs_handle_struct *handle,
1239 const char *path)
1240 {
1241 struct gpfs_config_data *config;
1242
1243 SMB_VFS_HANDLE_GET_DATA(handle, config,
1244 struct gpfs_config_data,
1245 return -1);
1246
1247 if (!config->acl) {
1248 return SMB_VFS_NEXT_SYS_ACL_DELETE_DEF_FILE(handle, path);
1249 }
1250
1251 errno = ENOTSUP;
1252 return -1;
1253 }
1254
1255 /*
1256 * Assumed: mode bits are shiftable and standard
1257 * Output: the new aceMask field for an smb nfs4 ace
1258 */
1259 static uint32_t gpfsacl_mask_filter(uint32_t aceType, uint32_t aceMask, uint32_t rwx)
1260 {
1261 const uint32_t posix_nfs4map[3] = {
1262 SMB_ACE4_EXECUTE, /* execute */
1263 SMB_ACE4_WRITE_DATA | SMB_ACE4_APPEND_DATA, /* write; GPFS specific */
1264 SMB_ACE4_READ_DATA /* read */
1265 };
1266 int i;
1267 uint32_t posix_mask = 0x01;
1268 uint32_t posix_bit;
1269 uint32_t nfs4_bits;
1270
1271 for(i=0; i<3; i++) {
1272 nfs4_bits = posix_nfs4map[i];
1273 posix_bit = rwx & posix_mask;
1274
1275 if (aceType==SMB_ACE4_ACCESS_ALLOWED_ACE_TYPE) {
1276 if (posix_bit)
1277 aceMask |= nfs4_bits;
1278 else
1279 aceMask &= ~nfs4_bits;
1280 } else {
1281 /* add deny bits when suitable */
1282 if (!posix_bit)
1283 aceMask |= nfs4_bits;
1284 else
1285 aceMask &= ~nfs4_bits;
1286 } /* other ace types are unexpected */
1287
1288 posix_mask <<= 1;
1289 }
1290
1291 return aceMask;
1292 }
1293
1294 static int gpfsacl_emu_chmod(vfs_handle_struct *handle,
1295 const char *path, mode_t mode)
1296 {
1297 SMB4ACL_T *pacl = NULL;
1298 int result;
1299 bool haveAllowEntry[SMB_ACE4_WHO_EVERYONE + 1] = {False, False, False, False};
1300 int i;
1301 files_struct fake_fsp = { 0 }; /* TODO: rationalize parametrization */
1302 SMB4ACE_T *smbace;
1303 TALLOC_CTX *frame = talloc_stackframe();
1304
1305 DEBUG(10, ("gpfsacl_emu_chmod invoked for %s mode %o\n", path, mode));
1306
1307 result = gpfs_get_nfs4_acl(frame, path, &pacl);
1308 if (result) {
1309 TALLOC_FREE(frame);
1310 return result;
1311 }
1312
1313 if (mode & ~(S_IRWXU | S_IRWXG | S_IRWXO)) {
1314 DEBUG(2, ("WARNING: cutting extra mode bits %o on %s\n", mode, path));
1315 }
1316
1317 for (smbace=smb_first_ace4(pacl); smbace!=NULL; smbace = smb_next_ace4(smbace)) {
1318 SMB_ACE4PROP_T *ace = smb_get_ace4(smbace);
1319 uint32_t specid = ace->who.special_id;
1320
1321 if (ace->flags&SMB_ACE4_ID_SPECIAL &&
1322 ace->aceType<=SMB_ACE4_ACCESS_DENIED_ACE_TYPE &&
1323 specid <= SMB_ACE4_WHO_EVERYONE) {
1324
1325 uint32_t newMask;
1326
1327 if (ace->aceType==SMB_ACE4_ACCESS_ALLOWED_ACE_TYPE)
1328 haveAllowEntry[specid] = True;
1329
1330 /* mode >> 6 for @owner, mode >> 3 for @group,
1331 * mode >> 0 for @everyone */
1332 newMask = gpfsacl_mask_filter(ace->aceType, ace->aceMask,
1333 mode >> ((SMB_ACE4_WHO_EVERYONE - specid) * 3));
1334 if (ace->aceMask!=newMask) {
1335 DEBUG(10, ("ace changed for %s (%o -> %o) id=%d\n",
1336 path, ace->aceMask, newMask, specid));
1337 }
1338 ace->aceMask = newMask;
1339 }
1340 }
1341
1342 /* make sure we have at least ALLOW entries
1343 * for all the 3 special ids (@EVERYONE, @OWNER, @GROUP)
1344 * - if necessary
1345 */
1346 for(i = SMB_ACE4_WHO_OWNER; i<=SMB_ACE4_WHO_EVERYONE; i++) {
1347 SMB_ACE4PROP_T ace = { 0 };
1348
1349 if (haveAllowEntry[i]==True)
1350 continue;
1351
1352 ace.aceType = SMB_ACE4_ACCESS_ALLOWED_ACE_TYPE;
1353 ace.flags |= SMB_ACE4_ID_SPECIAL;
1354 ace.who.special_id = i;
1355
1356 if (i==SMB_ACE4_WHO_GROUP) /* not sure it's necessary... */
1357 ace.aceFlags |= SMB_ACE4_IDENTIFIER_GROUP;
1358
1359 ace.aceMask = gpfsacl_mask_filter(ace.aceType, ace.aceMask,
1360 mode >> ((SMB_ACE4_WHO_EVERYONE - i) * 3));
1361
1362 /* don't add unnecessary aces */
1363 if (!ace.aceMask)
1364 continue;
1365
1366 /* we add it to the END - as windows expects allow aces */
1367 smb_add_ace4(pacl, &ace);
1368 DEBUG(10, ("Added ALLOW ace for %s, mode=%o, id=%d, aceMask=%x\n",
1369 path, mode, i, ace.aceMask));
1370 }
1371
1372 /* don't add complementary DENY ACEs here */
1373 fake_fsp.fsp_name = synthetic_smb_fname(
1374 frame, path, NULL, NULL);
1375 if (fake_fsp.fsp_name == NULL) {
1376 errno = ENOMEM;
1377 TALLOC_FREE(frame);
1378 return -1;
1379 }
1380 /* put the acl */
1381 if (gpfsacl_process_smbacl(handle, &fake_fsp, pacl) == False) {
1382 TALLOC_FREE(frame);
1383 return -1;
1384 }
1385
1386 TALLOC_FREE(frame);
1387 return 0; /* ok for [f]chmod */
1388 }
1389
1390 static int vfs_gpfs_chmod(vfs_handle_struct *handle, const char *path, mode_t mode)
1391 {
1392 struct smb_filename *smb_fname_cpath;
1393 int rc;
1394
1395 smb_fname_cpath = synthetic_smb_fname(talloc_tos(), path, NULL, NULL);
1396 if (smb_fname_cpath == NULL) {
1397 errno = ENOMEM;
1398 return -1;
1399 }
1400
1401 if (SMB_VFS_NEXT_STAT(handle, smb_fname_cpath) != 0) {
1402 return -1;
1403 }
1404
1405 /* avoid chmod() if possible, to preserve acls */
1406 if ((smb_fname_cpath->st.st_ex_mode & ~S_IFMT) == mode) {
1407 return 0;
1408 }
1409
1410 rc = gpfsacl_emu_chmod(handle, path, mode);
1411 if (rc == 1)
1412 return SMB_VFS_NEXT_CHMOD(handle, path, mode);
1413 return rc;
1414 }
1415
1416 static int vfs_gpfs_fchmod(vfs_handle_struct *handle, files_struct *fsp, mode_t mode)
1417 {
1418 SMB_STRUCT_STAT st;
1419 int rc;
1420
1421 if (SMB_VFS_NEXT_FSTAT(handle, fsp, &st) != 0) {
1422 return -1;
1423 }
1424
1425 /* avoid chmod() if possible, to preserve acls */
1426 if ((st.st_ex_mode & ~S_IFMT) == mode) {
1427 return 0;
1428 }
1429
1430 rc = gpfsacl_emu_chmod(handle, fsp->fsp_name->base_name,
1431 mode);
1432 if (rc == 1)
1433 return SMB_VFS_NEXT_FCHMOD(handle, fsp, mode);
1434 return rc;
1435 }
1436
1437 static int gpfs_set_xattr(struct vfs_handle_struct *handle, const char *path,
1438 const char *name, const void *value, size_t size, int flags){
1439 struct xattr_DOSATTRIB dosattrib;
1440 enum ndr_err_code ndr_err;
1441 DATA_BLOB blob;
1442 unsigned int dosmode=0;
1443 struct gpfs_winattr attrs;
1444 int ret = 0;
1445 struct gpfs_config_data *config;
1446
1447 SMB_VFS_HANDLE_GET_DATA(handle, config,
1448 struct gpfs_config_data,
1449 return -1);
1450
1451 if (!config->winattr) {
1452 DEBUG(10, ("gpfs_set_xattr:name is %s -> next\n",name));
1453 return SMB_VFS_NEXT_SETXATTR(handle,path,name,value,size,flags);
1454 }
1455
1456 DEBUG(10, ("gpfs_set_xattr: %s \n",path));
1457
1458 /* Only handle DOS Attributes */
1459 if (strcmp(name,SAMBA_XATTR_DOS_ATTRIB) != 0){
1460 DEBUG(5, ("gpfs_set_xattr:name is %s\n",name));
1461 return SMB_VFS_NEXT_SETXATTR(handle,path,name,value,size,flags);
1462 }
1463
1464 blob.data = discard_const_p(uint8_t, value);
1465 blob.length = size;
1466
1467 ndr_err = ndr_pull_struct_blob(&blob, talloc_tos(), &dosattrib,
1468 (ndr_pull_flags_fn_t)ndr_pull_xattr_DOSATTRIB);
1469
1470 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
1471 DEBUG(1, ("gpfs_set_xattr: bad ndr decode "
1472 "from EA on file %s: Error = %s\n",
1473 path, ndr_errstr(ndr_err)));
1474 return false;
1475 }
1476
1477 if (dosattrib.version != 3) {
1478 DEBUG(1, ("gpfs_set_xattr: expected dosattrib version 3, got "
1479 "%d\n", (int)dosattrib.version));
1480 return false;
1481 }
1482 if (!(dosattrib.info.info3.valid_flags & XATTR_DOSINFO_ATTRIB)) {
1483 DEBUG(10, ("gpfs_set_xattr: XATTR_DOSINFO_ATTRIB not "
1484 "valid, ignoring\n"));
1485 return true;
1486 }
1487
1488 dosmode = dosattrib.info.info3.attrib;
1489
1490 attrs.winAttrs = 0;
1491 /*Just map RD_ONLY, ARCHIVE, SYSTEM HIDDEN and SPARSE. Ignore the others*/
1492 if (dosmode & FILE_ATTRIBUTE_ARCHIVE){
1493 attrs.winAttrs |= GPFS_WINATTR_ARCHIVE;
1494 }
1495 if (dosmode & FILE_ATTRIBUTE_HIDDEN){
1496 attrs.winAttrs |= GPFS_WINATTR_HIDDEN;
1497 }
1498 if (dosmode & FILE_ATTRIBUTE_SYSTEM){
1499 attrs.winAttrs |= GPFS_WINATTR_SYSTEM;
1500 }
1501 if (dosmode & FILE_ATTRIBUTE_READONLY){
1502 attrs.winAttrs |= GPFS_WINATTR_READONLY;
1503 }
1504 if (dosmode & FILE_ATTRIBUTE_SPARSE) {
1505 attrs.winAttrs |= GPFS_WINATTR_SPARSE_FILE;
1506 }
1507
1508
1509 ret = gpfswrap_set_winattrs_path(discard_const_p(char, path),
1510 GPFS_WINATTR_SET_ATTRS, &attrs);
1511 if ( ret == -1){
1512 if (errno == ENOSYS) {
1513 return SMB_VFS_NEXT_SETXATTR(handle, path, name, value,
1514 size, flags);
1515 }
1516
1517 DEBUG(1, ("gpfs_set_xattr:Set GPFS attributes failed %d\n",ret));
1518 return -1;
1519 }
1520
1521 DEBUG(10, ("gpfs_set_xattr:Set attributes: 0x%x\n",attrs.winAttrs));
1522 return 0;
1523 }
1524
1525 static ssize_t gpfs_get_xattr(struct vfs_handle_struct *handle, const char *path,
1526 const char *name, void *value, size_t size){
1527 char *attrstr = value;
1528 unsigned int dosmode = 0;
1529 struct gpfs_winattr attrs;
1530 int ret = 0;
1531 struct gpfs_config_data *config;
1532
1533 SMB_VFS_HANDLE_GET_DATA(handle, config,
1534 struct gpfs_config_data,
1535 return -1);
1536
1537 if (!config->winattr) {
1538 DEBUG(10, ("gpfs_get_xattr:name is %s -> next\n",name));
1539 return SMB_VFS_NEXT_GETXATTR(handle,path,name,value,size);
1540 }
1541
1542 DEBUG(10, ("gpfs_get_xattr: %s \n",path));
1543
1544 /* Only handle DOS Attributes */
1545 if (strcmp(name,SAMBA_XATTR_DOS_ATTRIB) != 0){
1546 DEBUG(5, ("gpfs_get_xattr:name is %s\n",name));
1547 return SMB_VFS_NEXT_GETXATTR(handle,path,name,value,size);
1548 }
1549
1550 ret = gpfswrap_get_winattrs_path(discard_const_p(char, path), &attrs);
1551 if ( ret == -1){
1552 int dbg_lvl;
1553
1554 if (errno == ENOSYS) {
1555 return SMB_VFS_NEXT_GETXATTR(handle, path, name, value,
1556 size);
1557 }
1558
1559 if (errno != EPERM && errno != EACCES) {
1560 dbg_lvl = 1;
1561 } else {
1562 dbg_lvl = 5;
1563 }
1564 DEBUG(dbg_lvl, ("gpfs_get_xattr: Get GPFS attributes failed: "
1565 "%d (%s)\n", ret, strerror(errno)));
1566 return -1;
1567 }
1568
1569 DEBUG(10, ("gpfs_get_xattr:Got attributes: 0x%x\n",attrs.winAttrs));
1570
1571 /*Just map RD_ONLY, ARCHIVE, SYSTEM, HIDDEN and SPARSE. Ignore the others*/
1572 if (attrs.winAttrs & GPFS_WINATTR_ARCHIVE){
1573 dosmode |= FILE_ATTRIBUTE_ARCHIVE;
1574 }
1575 if (attrs.winAttrs & GPFS_WINATTR_HIDDEN){
1576 dosmode |= FILE_ATTRIBUTE_HIDDEN;
1577 }
1578 if (attrs.winAttrs & GPFS_WINATTR_SYSTEM){
1579 dosmode |= FILE_ATTRIBUTE_SYSTEM;
1580 }
1581 if (attrs.winAttrs & GPFS_WINATTR_READONLY){
1582 dosmode |= FILE_ATTRIBUTE_READONLY;
1583 }
1584 if (attrs.winAttrs & GPFS_WINATTR_SPARSE_FILE) {
1585 dosmode |= FILE_ATTRIBUTE_SPARSE;
1586 }
1587
1588 snprintf(attrstr, size, "0x%2.2x",
1589 (unsigned int)(dosmode & SAMBA_ATTRIBUTES_MASK));
1590 DEBUG(10, ("gpfs_get_xattr: returning %s\n",attrstr));
1591 return 4;
1592 }
1593
1594 #if defined(HAVE_FSTATAT)
1595 static int stat_with_capability(struct vfs_handle_struct *handle,
1596 struct smb_filename *smb_fname, int flag)
1597 {
1598 int fd = -1;
1599 bool b;
1600 char *dir_name;
1601 const char *rel_name = NULL;
1602 struct stat st;
1603 int ret = -1;
1604
1605 b = parent_dirname(talloc_tos(), smb_fname->base_name,
1606 &dir_name, &rel_name);
1607 if (!b) {
1608 errno = ENOMEM;
1609 return -1;
1610 }
1611
1612 fd = open(dir_name, O_RDONLY, 0);
1613 TALLOC_FREE(dir_name);
1614 if (fd == -1) {
1615 return -1;
1616 }
1617
1618 set_effective_capability(DAC_OVERRIDE_CAPABILITY);
1619 ret = fstatat(fd, rel_name, &st, flag);
1620 drop_effective_capability(DAC_OVERRIDE_CAPABILITY);
1621
1622 close(fd);
1623
1624 if (ret == 0) {
1625 init_stat_ex_from_stat(
1626 &smb_fname->st, &st,
1627 lp_fake_directory_create_times(SNUM(handle->conn)));
1628 }
1629
1630 return ret;
1631 }
1632 #endif
1633
1634 static int vfs_gpfs_stat(struct vfs_handle_struct *handle,
1635 struct smb_filename *smb_fname)
1636 {
1637 struct gpfs_winattr attrs;
1638 char *fname = NULL;
1639 NTSTATUS status;
1640 int ret;
1641 struct gpfs_config_data *config;
1642
1643 SMB_VFS_HANDLE_GET_DATA(handle, config,
1644 struct gpfs_config_data,
1645 return -1);
1646
1647 ret = SMB_VFS_NEXT_STAT(handle, smb_fname);
1648 #if defined(HAVE_FSTATAT)
1649 if (ret == -1 && errno == EACCES) {
1650 DEBUG(10, ("Trying stat with capability for %s\n",
1651 smb_fname->base_name));
1652 ret = stat_with_capability(handle, smb_fname, 0);
1653 }
1654 #endif
1655 if (ret == -1) {
1656 return -1;
1657 }
1658
1659 if (!config->winattr) {
1660 return 0;
1661 }
1662
1663 status = get_full_smb_filename(talloc_tos(), smb_fname, &fname);
1664 if (!NT_STATUS_IS_OK(status)) {
1665 errno = map_errno_from_nt_status(status);
1666 return -1;
1667 }
1668 ret = gpfswrap_get_winattrs_path(discard_const_p(char, fname), &attrs);
1669 TALLOC_FREE(fname);
1670 if (ret == 0) {
1671 smb_fname->st.st_ex_calculated_birthtime = false;
1672 smb_fname->st.st_ex_btime.tv_sec = attrs.creationTime.tv_sec;
1673 smb_fname->st.st_ex_btime.tv_nsec = attrs.creationTime.tv_nsec;
1674 }
1675 return 0;
1676 }
1677
1678 static int vfs_gpfs_fstat(struct vfs_handle_struct *handle,
1679 struct files_struct *fsp, SMB_STRUCT_STAT *sbuf)
1680 {
1681 struct gpfs_winattr attrs;
1682 int ret;
1683 struct gpfs_config_data *config;
1684
1685 SMB_VFS_HANDLE_GET_DATA(handle, config,
1686 struct gpfs_config_data,
1687 return -1);
1688
1689 ret = SMB_VFS_NEXT_FSTAT(handle, fsp, sbuf);
1690 if (ret == -1) {
1691 return -1;
1692 }
1693 if ((fsp->fh == NULL) || (fsp->fh->fd == -1)) {
1694 return 0;
1695 }
1696 if (!config->winattr) {
1697 return 0;
1698 }
1699
1700 ret = gpfswrap_get_winattrs(fsp->fh->fd, &attrs);
1701 if (ret == 0) {
1702 sbuf->st_ex_calculated_birthtime = false;
1703 sbuf->st_ex_btime.tv_sec = attrs.creationTime.tv_sec;
1704 sbuf->st_ex_btime.tv_nsec = attrs.creationTime.tv_nsec;
1705 }
1706 return 0;
1707 }
1708
1709 static int vfs_gpfs_lstat(struct vfs_handle_struct *handle,
1710 struct smb_filename *smb_fname)
1711 {
1712 struct gpfs_winattr attrs;
1713 char *path = NULL;
1714 NTSTATUS status;
1715 int ret;
1716 struct gpfs_config_data *config;
1717
1718 SMB_VFS_HANDLE_GET_DATA(handle, config,
1719 struct gpfs_config_data,
1720 return -1);
1721
1722 ret = SMB_VFS_NEXT_LSTAT(handle, smb_fname);
1723 #if defined(HAVE_FSTATAT)
1724 if (ret == -1 && errno == EACCES) {
1725 DEBUG(10, ("Trying lstat with capability for %s\n",
1726 smb_fname->base_name));
1727 ret = stat_with_capability(handle, smb_fname,
1728 AT_SYMLINK_NOFOLLOW);
1729 }
1730 #endif
1731
1732 if (ret == -1) {
1733 return -1;
1734 }
1735 if (!config->winattr) {
1736 return 0;
1737 }
1738
1739 status = get_full_smb_filename(talloc_tos(), smb_fname, &path);
1740 if (!NT_STATUS_IS_OK(status)) {
1741 errno = map_errno_from_nt_status(status);
1742 return -1;
1743 }
1744 ret = gpfswrap_get_winattrs_path(discard_const_p(char, path), &attrs);
1745 TALLOC_FREE(path);
1746 if (ret == 0) {
1747 smb_fname->st.st_ex_calculated_birthtime = false;
1748 smb_fname->st.st_ex_btime.tv_sec = attrs.creationTime.tv_sec;
1749 smb_fname->st.st_ex_btime.tv_nsec = attrs.creationTime.tv_nsec;
1750 }
1751 return 0;
1752 }
1753
1754 static void timespec_to_gpfs_time(struct timespec ts, gpfs_timestruc_t *gt,
1755 int idx, int *flags)
1756 {
1757 if (!null_timespec(ts)) {
1758 *flags |= 1 << idx;
1759 gt[idx].tv_sec = ts.tv_sec;
1760 gt[idx].tv_nsec = ts.tv_nsec;
1761 DEBUG(10, ("Setting GPFS time %d, flags 0x%x\n", idx, *flags));
1762 }
1763 }
1764
1765 static int smbd_gpfs_set_times_path(char *path, struct smb_file_time *ft)
1766 {
1767 gpfs_timestruc_t gpfs_times[4];
1768 int flags = 0;
1769 int rc;
1770
1771 ZERO_ARRAY(gpfs_times);
1772 timespec_to_gpfs_time(ft->atime, gpfs_times, 0, &flags);
1773 timespec_to_gpfs_time(ft->mtime, gpfs_times, 1, &flags);
1774 /* No good mapping from LastChangeTime to ctime, not storing */
1775 timespec_to_gpfs_time(ft->create_time, gpfs_times, 3, &flags);
1776
1777 if (!flags) {
1778 DEBUG(10, ("nothing to do, return to avoid EINVAL\n"));
1779 return 0;
1780 }
1781
1782 rc = gpfswrap_set_times_path(path, flags, gpfs_times);
1783
1784 if (rc != 0 && errno != ENOSYS) {
1785 DEBUG(1,("gpfs_set_times() returned with error %s\n",
1786 strerror(errno)));
1787 }
1788
1789 return rc;
1790 }
1791
1792 static int vfs_gpfs_ntimes(struct vfs_handle_struct *handle,
1793 const struct smb_filename *smb_fname,
1794 struct smb_file_time *ft)
1795 {
1796
1797 struct gpfs_winattr attrs;
1798 int ret;
1799 char *path = NULL;
1800 NTSTATUS status;
1801 struct gpfs_config_data *config;
1802
1803 SMB_VFS_HANDLE_GET_DATA(handle, config,
1804 struct gpfs_config_data,
1805 return -1);
1806
1807 status = get_full_smb_filename(talloc_tos(), smb_fname, &path);
1808 if (!NT_STATUS_IS_OK(status)) {
1809 errno = map_errno_from_nt_status(status);
1810 return -1;
1811 }
1812
1813 /* Try to use gpfs_set_times if it is enabled and available */
1814 if (config->settimes) {
1815 ret = smbd_gpfs_set_times_path(path, ft);
1816
1817 if (ret == 0 || (ret == -1 && errno != ENOSYS)) {
1818 return ret;
1819 }
1820 }
1821
1822 DEBUG(10,("gpfs_set_times() not available or disabled, "
1823 "use ntimes and winattr\n"));
1824
1825 ret = SMB_VFS_NEXT_NTIMES(handle, smb_fname, ft);
1826 if(ret == -1){
1827 /* don't complain if access was denied */
1828 if (errno != EPERM && errno != EACCES) {
1829 DEBUG(1,("vfs_gpfs_ntimes: SMB_VFS_NEXT_NTIMES failed:"
1830 "%s", strerror(errno)));
1831 }
1832 return -1;
1833 }
1834
1835 if(null_timespec(ft->create_time)){
1836 DEBUG(10,("vfs_gpfs_ntimes:Create Time is NULL\n"));
1837 return 0;
1838 }
1839
1840 if (!config->winattr) {
1841 return 0;
1842 }
1843
1844 attrs.winAttrs = 0;
1845 attrs.creationTime.tv_sec = ft->create_time.tv_sec;
1846 attrs.creationTime.tv_nsec = ft->create_time.tv_nsec;
1847
1848 ret = gpfswrap_set_winattrs_path(discard_const_p(char, path),
1849 GPFS_WINATTR_SET_CREATION_TIME,
1850 &attrs);
1851 if(ret == -1 && errno != ENOSYS){
1852 DEBUG(1,("vfs_gpfs_ntimes: set GPFS ntimes failed %d\n",ret));
1853 return -1;
1854 }
1855 return 0;
1856
1857 }
1858
1859 static int vfs_gpfs_fallocate(struct vfs_handle_struct *handle,
1860 struct files_struct *fsp, uint32_t mode,
1861 off_t offset, off_t len)
1862 {
1863 int ret;
1864 struct gpfs_config_data *config;
1865
1866 SMB_VFS_HANDLE_GET_DATA(handle, config,
1867 struct gpfs_config_data,
1868 return -1);
1869
1870 if (!config->prealloc) {
1871 /* you should better not run fallocate() on GPFS at all */
1872 errno = ENOTSUP;
1873 return -1;
1874 }
1875
1876 if (mode != 0) {
1877 DEBUG(10, ("unmapped fallocate flags: %lx\n",
1878 (unsigned long)mode));
1879 errno = ENOTSUP;
1880 return -1;
1881 }
1882
1883 ret = gpfswrap_prealloc(fsp->fh->fd, offset, len);
1884
1885 if (ret == -1 && errno != ENOSYS) {
1886 DEBUG(0, ("GPFS prealloc failed: %s\n", strerror(errno)));
1887 } else if (ret == -1 && errno == ENOSYS) {
1888 DEBUG(10, ("GPFS prealloc not supported.\n"));
1889 } else {
1890 DEBUG(10, ("GPFS prealloc succeeded.\n"));
1891 }
1892
1893 return ret;
1894 }
1895
1896 static int vfs_gpfs_ftruncate(vfs_handle_struct *handle, files_struct *fsp,
1897 off_t len)
1898 {
1899 int result;
1900 struct gpfs_config_data *config;
1901
1902 SMB_VFS_HANDLE_GET_DATA(handle, config,
1903 struct gpfs_config_data,
1904 return -1);
1905
1906 if (!config->ftruncate) {
1907 return SMB_VFS_NEXT_FTRUNCATE(handle, fsp, len);
1908 }
1909
1910 result = gpfswrap_ftruncate(fsp->fh->fd, len);
1911 if ((result == -1) && (errno == ENOSYS)) {
1912 return SMB_VFS_NEXT_FTRUNCATE(handle, fsp, len);
1913 }
1914 return result;
1915 }
1916
1917 static bool vfs_gpfs_is_offline(struct vfs_handle_struct *handle,
1918 const struct smb_filename *fname,
1919 SMB_STRUCT_STAT *sbuf)
1920 {
1921 struct gpfs_winattr attrs;
1922 char *path = NULL;
1923 NTSTATUS status;
1924 struct gpfs_config_data *config;
1925 int ret;
1926
1927 SMB_VFS_HANDLE_GET_DATA(handle, config,
1928 struct gpfs_config_data,
1929 return -1);
1930
1931 if (!config->winattr) {
1932 return SMB_VFS_NEXT_IS_OFFLINE(handle, fname, sbuf);
1933 }
1934
1935 status = get_full_smb_filename(talloc_tos(), fname, &path);
1936 if (!NT_STATUS_IS_OK(status)) {
1937 errno = map_errno_from_nt_status(status);
1938 return -1;
1939 }
1940
1941 ret = gpfswrap_get_winattrs_path(path, &attrs);
1942 if (ret == -1) {
1943 TALLOC_FREE(path);
1944 return false;
1945 }
1946
1947 if ((attrs.winAttrs & GPFS_WINATTR_OFFLINE) != 0) {
1948 DEBUG(10, ("%s is offline\n", path));
1949 TALLOC_FREE(path);
1950 return true;
1951 }
1952 DEBUG(10, ("%s is online\n", path));
1953 TALLOC_FREE(path);
1954 return SMB_VFS_NEXT_IS_OFFLINE(handle, fname, sbuf);
1955 }
1956
1957 static bool vfs_gpfs_aio_force(struct vfs_handle_struct *handle,
1958 struct files_struct *fsp)
1959 {
1960 return vfs_gpfs_is_offline(handle, fsp->fsp_name, &fsp->fsp_name->st);
1961 }
1962
1963 static ssize_t vfs_gpfs_sendfile(vfs_handle_struct *handle, int tofd,
1964 files_struct *fsp, const DATA_BLOB *hdr,
1965 off_t offset, size_t n)
1966 {
1967 if (SMB_VFS_IS_OFFLINE(handle->conn, fsp->fsp_name, &fsp->fsp_name->st))
1968 {
1969 errno = ENOSYS;
1970 return -1;
1971 }
1972 return SMB_VFS_NEXT_SENDFILE(handle, tofd, fsp, hdr, offset, n);
1973 }
1974
1975 static int vfs_gpfs_connect(struct vfs_handle_struct *handle,
1976 const char *service, const char *user)
1977 {
1978 struct gpfs_config_data *config;
1979 int ret;
1980
1981 gpfswrap_lib_init(0);
1982
1983 config = talloc_zero(handle->conn, struct gpfs_config_data);
1984 if (!config) {
1985 DEBUG(0, ("talloc_zero() failed\n"));
1986 errno = ENOMEM;
1987 return -1;
1988 }
1989
1990 ret = SMB_VFS_NEXT_CONNECT(handle, service, user);
1991 if (ret < 0) {
1992 TALLOC_FREE(config);
1993 return ret;
1994 }
1995
1996 config->sharemodes = lp_parm_bool(SNUM(handle->conn), "gpfs",
1997 "sharemodes", true);
1998
1999 config->leases = lp_parm_bool(SNUM(handle->conn), "gpfs",
2000 "leases", true);
2001
2002 config->hsm = lp_parm_bool(SNUM(handle->conn), "gpfs",
2003 "hsm", false);
2004
2005 config->syncio = lp_parm_bool(SNUM(handle->conn), "gpfs",
2006 "syncio", false);
2007
2008 config->winattr = lp_parm_bool(SNUM(handle->conn), "gpfs",
2009 "winattr", false);
2010
2011 config->ftruncate = lp_parm_bool(SNUM(handle->conn), "gpfs",
2012 "ftruncate", true);
2013
2014 config->getrealfilename = lp_parm_bool(SNUM(handle->conn), "gpfs",
2015 "getrealfilename", true);
2016
2017 config->dfreequota = lp_parm_bool(SNUM(handle->conn), "gpfs",
2018 "dfreequota", false);
2019
2020 config->prealloc = lp_parm_bool(SNUM(handle->conn), "gpfs",
2021 "prealloc", true);
2022
2023 config->acl = lp_parm_bool(SNUM(handle->conn), "gpfs", "acl", true);
2024
2025 config->settimes = lp_parm_bool(SNUM(handle->conn), "gpfs",
2026 "settimes", true);
2027 config->recalls = lp_parm_bool(SNUM(handle->conn), "gpfs",
2028 "recalls", true);
2029
2030 SMB_VFS_HANDLE_SET_DATA(handle, config,
2031 NULL, struct gpfs_config_data,
2032 return -1);
2033
2034 if (config->leases) {
2035 /*
2036 * GPFS lease code is based on kernel oplock code
2037 * so make sure it is turned on
2038 */
2039 if (!lp_kernel_oplocks(SNUM(handle->conn))) {
2040 DEBUG(5, ("Enabling kernel oplocks for "
2041 "gpfs:leases to work\n"));
2042 lp_do_parameter(SNUM(handle->conn), "kernel oplocks",
2043 "true");
2044 }
2045
2046 /*
2047 * as the kernel does not properly support Level II oplocks
2048 * and GPFS leases code is based on kernel infrastructure, we
2049 * need to turn off Level II oplocks if gpfs:leases is enabled
2050 */
2051 if (lp_level2_oplocks(SNUM(handle->conn))) {
2052 DEBUG(5, ("gpfs:leases are enabled, disabling "
2053 "Level II oplocks\n"));
2054 lp_do_parameter(SNUM(handle->conn), "level2 oplocks",
2055 "false");
2056 }
2057 }
2058
2059 return 0;
2060 }
2061
2062 static int get_gpfs_quota(const char *pathname, int type, int id,
2063 struct gpfs_quotaInfo *qi)
2064 {
2065 int ret;
2066
2067 ret = gpfswrap_quotactl(discard_const_p(char, pathname),
2068 GPFS_QCMD(Q_GETQUOTA, type), id, qi);
2069
2070 if (ret) {
2071 if (errno == GPFS_E_NO_QUOTA_INST) {
2072 DEBUG(10, ("Quotas disabled on GPFS filesystem.\n"));
2073 } else if (errno != ENOSYS) {
2074 DEBUG(0, ("Get quota failed, type %d, id, %d, "
2075 "errno %d.\n", type, id, errno));
2076 }
2077
2078 return ret;
2079 }
2080
2081 DEBUG(10, ("quota type %d, id %d, blk u:%lld h:%lld s:%lld gt:%u\n",
2082 type, id, qi->blockUsage, qi->blockHardLimit,
2083 qi->blockSoftLimit, qi->blockGraceTime));
2084
2085 return ret;
2086 }
2087
2088 static void vfs_gpfs_disk_free_quota(struct gpfs_quotaInfo qi, time_t cur_time,
2089 uint64_t *dfree, uint64_t *dsize)
2090 {
2091 uint64_t usage, limit;
2092
2093 /*
2094 * The quota reporting is done in units of 1024 byte blocks, but
2095 * sys_fsusage uses units of 512 byte blocks, adjust the block number
2096 * accordingly. Also filter possibly negative usage counts from gpfs.
2097 */
2098 usage = qi.blockUsage < 0 ? 0 : (uint64_t)qi.blockUsage * 2;
2099 limit = (uint64_t)qi.blockHardLimit * 2;
2100
2101 /*
2102 * When the grace time for the exceeded soft block quota has been
2103 * exceeded, the soft block quota becomes an additional hard limit.
2104 */
2105 if (qi.blockSoftLimit &&
2106 qi.blockGraceTime && cur_time > qi.blockGraceTime) {
2107 /* report disk as full */
2108 *dfree = 0;
2109 *dsize = MIN(*dsize, usage);
2110 }
2111
2112 if (!qi.blockHardLimit)
2113 return;
2114
2115 if (usage >= limit) {
2116 /* report disk as full */
2117 *dfree = 0;
2118 *dsize = MIN(*dsize, usage);
2119
2120 } else {
2121 /* limit has not been reached, determine "free space" */
2122 *dfree = MIN(*dfree, limit - usage);
2123 *dsize = MIN(*dsize, limit);
2124 }
2125 }
2126
2127 static uint64_t vfs_gpfs_disk_free(vfs_handle_struct *handle, const char *path,
2128 uint64_t *bsize,
2129 uint64_t *dfree, uint64_t *dsize)
2130 {
2131 struct security_unix_token *utok;
2132 struct gpfs_quotaInfo qi_user = { 0 }, qi_group = { 0 };
2133 struct gpfs_config_data *config;
2134 int err;
2135 time_t cur_time;
2136
2137 SMB_VFS_HANDLE_GET_DATA(handle, config, struct gpfs_config_data,
2138 return (uint64_t)-1);
2139 if (!config->dfreequota) {
2140 return SMB_VFS_NEXT_DISK_FREE(handle, path,
2141 bsize, dfree, dsize);
2142 }
2143
2144 err = sys_fsusage(path, dfree, dsize);
2145 if (err) {
2146 DEBUG (0, ("Could not get fs usage, errno %d\n", errno));
2147 return SMB_VFS_NEXT_DISK_FREE(handle, path,
2148 bsize, dfree, dsize);
2149 }
2150
2151 /* sys_fsusage returns units of 512 bytes */
2152 *bsize = 512;
2153
2154 DEBUG(10, ("fs dfree %llu, dsize %llu\n",
2155 (unsigned long long)*dfree, (unsigned long long)*dsize));
2156
2157 utok = handle->conn->session_info->unix_token;
2158
2159 err = get_gpfs_quota(path, GPFS_USRQUOTA, utok->uid, &qi_user);
2160 if (err) {
2161 return SMB_VFS_NEXT_DISK_FREE(handle, path,
2162 bsize, dfree, dsize);
2163 }
2164
2165 err = get_gpfs_quota(path, GPFS_GRPQUOTA, utok->gid, &qi_group);
2166 if (err) {
2167 return SMB_VFS_NEXT_DISK_FREE(handle, path,
2168 bsize, dfree, dsize);
2169 }
2170
2171 cur_time = time(NULL);
2172
2173 /* Adjust free space and size according to quota limits. */
2174 vfs_gpfs_disk_free_quota(qi_user, cur_time, dfree, dsize);
2175 vfs_gpfs_disk_free_quota(qi_group, cur_time, dfree, dsize);
2176
2177 disk_norm(bsize, dfree, dsize);
2178 return *dfree;
2179 }
2180
2181 static uint32_t vfs_gpfs_capabilities(struct vfs_handle_struct *handle,
2182 enum timestamp_set_resolution *p_ts_res)
2183 {
2184 struct gpfs_config_data *config;
2185 uint32_t next;
2186
2187 next = SMB_VFS_NEXT_FS_CAPABILITIES(handle, p_ts_res);
2188
2189 SMB_VFS_HANDLE_GET_DATA(handle, config,
2190 struct gpfs_config_data,
2191 return next);
2192
2193 if (config->hsm) {
2194 next |= FILE_SUPPORTS_REMOTE_STORAGE;
2195 }
2196 return next;
2197 }
2198
2199 static int vfs_gpfs_open(struct vfs_handle_struct *handle,
2200 struct smb_filename *smb_fname, files_struct *fsp,
2201 int flags, mode_t mode)
2202 {
2203 struct gpfs_config_data *config;
2204
2205 SMB_VFS_HANDLE_GET_DATA(handle, config,
2206 struct gpfs_config_data,
2207 return -1);
2208
2209 if (config->hsm && !config->recalls) {
2210 if (SMB_VFS_IS_OFFLINE(handle->conn, smb_fname, &smb_fname->st))
2211 {
2212 DEBUG(10, ("Refusing access to offline file %s\n",
2213 fsp_str_dbg(fsp)));
2214 errno = EACCES;
2215 return -1;
2216 }
2217 }
2218
2219 if (config->syncio) {
2220 flags |= O_SYNC;
2221 }
2222 return SMB_VFS_NEXT_OPEN(handle, smb_fname, fsp, flags, mode);
2223 }
2224
2225 static ssize_t vfs_gpfs_pread(vfs_handle_struct *handle, files_struct *fsp,
2226 void *data, size_t n, off_t offset)
2227 {
2228 ssize_t ret;
2229 bool was_offline;
2230
2231 was_offline = SMB_VFS_IS_OFFLINE(handle->conn, fsp->fsp_name,
2232 &fsp->fsp_name->st);
2233
2234 ret = SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset);
2235
2236 if ((ret != -1) && was_offline) {
2237 notify_fname(handle->conn, NOTIFY_ACTION_MODIFIED,
2238 FILE_NOTIFY_CHANGE_ATTRIBUTES,
2239 fsp->fsp_name->base_name);
2240 }
2241
2242 return ret;
2243 }
2244
2245 struct vfs_gpfs_pread_state {
2246 struct files_struct *fsp;
2247 ssize_t ret;
2248 int err;
2249 bool was_offline;
2250 };
2251
2252 static void vfs_gpfs_pread_done(struct tevent_req *subreq);
2253
2254 static struct tevent_req *vfs_gpfs_pread_send(struct vfs_handle_struct *handle,
2255 TALLOC_CTX *mem_ctx,
2256 struct tevent_context *ev,
2257 struct files_struct *fsp,
2258 void *data, size_t n,
2259 off_t offset)
2260 {
2261 struct tevent_req *req, *subreq;
2262 struct vfs_gpfs_pread_state *state;
2263
2264 req = tevent_req_create(mem_ctx, &state, struct vfs_gpfs_pread_state);
2265 if (req == NULL) {
2266 return NULL;
2267 }
2268 state->was_offline = SMB_VFS_IS_OFFLINE(handle->conn, fsp->fsp_name,
2269 &fsp->fsp_name->st);
2270 state->fsp = fsp;
2271 subreq = SMB_VFS_NEXT_PREAD_SEND(state, ev, handle, fsp, data,
2272 n, offset);
2273 if (tevent_req_nomem(subreq, req)) {
2274 return tevent_req_post(req, ev);
2275 }
2276 tevent_req_set_callback(subreq, vfs_gpfs_pread_done, req);
2277 return req;
2278 }
2279
2280 static void vfs_gpfs_pread_done(struct tevent_req *subreq)
2281 {
2282 struct tevent_req *req = tevent_req_callback_data(
2283 subreq, struct tevent_req);
2284 struct vfs_gpfs_pread_state *state = tevent_req_data(
2285 req, struct vfs_gpfs_pread_state);
2286
2287 state->ret = SMB_VFS_PREAD_RECV(subreq, &state->err);
2288 TALLOC_FREE(subreq);
2289 tevent_req_done(req);
2290 }
2291
2292 static ssize_t vfs_gpfs_pread_recv(struct tevent_req *req, int *err)
2293 {
2294 struct vfs_gpfs_pread_state *state = tevent_req_data(
2295 req, struct vfs_gpfs_pread_state);
2296 struct files_struct *fsp = state->fsp;
2297
2298 if (tevent_req_is_unix_error(req, err)) {
2299 return -1;
2300 }
2301 *err = state->err;
2302
2303 if ((state->ret != -1) && state->was_offline) {
2304 DEBUG(10, ("sending notify\n"));
2305 notify_fname(fsp->conn, NOTIFY_ACTION_MODIFIED,
2306 FILE_NOTIFY_CHANGE_ATTRIBUTES,
2307 fsp->fsp_name->base_name);
2308 }
2309
2310 return state->ret;
2311 }
2312
2313 static ssize_t vfs_gpfs_pwrite(vfs_handle_struct *handle, files_struct *fsp,
2314 const void *data, size_t n, off_t offset)
2315 {
2316 ssize_t ret;
2317 bool was_offline;
2318
2319 was_offline = SMB_VFS_IS_OFFLINE(handle->conn, fsp->fsp_name,
2320 &fsp->fsp_name->st);
2321
2322 ret = SMB_VFS_NEXT_PWRITE(handle, fsp, data, n, offset);
2323
2324 if ((ret != -1) && was_offline) {
2325 notify_fname(handle->conn, NOTIFY_ACTION_MODIFIED,
2326 FILE_NOTIFY_CHANGE_ATTRIBUTES,
2327 fsp->fsp_name->base_name);
2328 }
2329
2330 return ret;
2331 }
2332
2333 struct vfs_gpfs_pwrite_state {
2334 struct files_struct *fsp;
2335 ssize_t ret;
2336 int err;
2337 bool was_offline;
2338 };
2339
2340 static void vfs_gpfs_pwrite_done(struct tevent_req *subreq);
2341
2342 static struct tevent_req *vfs_gpfs_pwrite_send(
2343 struct vfs_handle_struct *handle,
2344 TALLOC_CTX *mem_ctx,
2345 struct tevent_context *ev,
2346 struct files_struct *fsp,
2347 const void *data, size_t n,
2348 off_t offset)
2349 {
2350 struct tevent_req *req, *subreq;
2351 struct vfs_gpfs_pwrite_state *state;
2352
2353 req = tevent_req_create(mem_ctx, &state, struct vfs_gpfs_pwrite_state);
2354 if (req == NULL) {
2355 return NULL;
2356 }
2357 state->was_offline = SMB_VFS_IS_OFFLINE(handle->conn, fsp->fsp_name,
2358 &fsp->fsp_name->st);
2359 state->fsp = fsp;
2360 subreq = SMB_VFS_NEXT_PWRITE_SEND(state, ev, handle, fsp, data,
2361 n, offset);
2362 if (tevent_req_nomem(subreq, req)) {
2363 return tevent_req_post(req, ev);
2364 }
2365 tevent_req_set_callback(subreq, vfs_gpfs_pwrite_done, req);
2366 return req;
2367 }
2368
2369 static void vfs_gpfs_pwrite_done(struct tevent_req *subreq)
2370 {
2371 struct tevent_req *req = tevent_req_callback_data(
2372 subreq, struct tevent_req);
2373 struct vfs_gpfs_pwrite_state *state = tevent_req_data(
2374 req, struct vfs_gpfs_pwrite_state);
2375
2376 state->ret = SMB_VFS_PWRITE_RECV(subreq, &state->err);
2377 TALLOC_FREE(subreq);
2378 tevent_req_done(req);
2379 }
2380
2381 static ssize_t vfs_gpfs_pwrite_recv(struct tevent_req *req, int *err)
2382 {
2383 struct vfs_gpfs_pwrite_state *state = tevent_req_data(
2384 req, struct vfs_gpfs_pwrite_state);
2385 struct files_struct *fsp = state->fsp;
2386
2387 if (tevent_req_is_unix_error(req, err)) {
2388 return -1;
2389 }
2390 *err = state->err;
2391
2392 if ((state->ret != -1) && state->was_offline) {
2393 DEBUG(10, ("sending notify\n"));
2394 notify_fname(fsp->conn, NOTIFY_ACTION_MODIFIED,
2395 FILE_NOTIFY_CHANGE_ATTRIBUTES,
2396 fsp->fsp_name->base_name);
2397 }
2398
2399 return state->ret;
2400 }
2401
2402
2403 static struct vfs_fn_pointers vfs_gpfs_fns = {
2404 .connect_fn = vfs_gpfs_connect,
2405 .disk_free_fn = vfs_gpfs_disk_free,
2406 .fs_capabilities_fn = vfs_gpfs_capabilities,
2407 .kernel_flock_fn = vfs_gpfs_kernel_flock,
2408 .linux_setlease_fn = vfs_gpfs_setlease,
2409 .get_real_filename_fn = vfs_gpfs_get_real_filename,
2410 .fget_nt_acl_fn = gpfsacl_fget_nt_acl,
2411 .get_nt_acl_fn = gpfsacl_get_nt_acl,
2412 .fset_nt_acl_fn = gpfsacl_fset_nt_acl,
2413 .sys_acl_get_file_fn = gpfsacl_sys_acl_get_file,
2414 .sys_acl_get_fd_fn = gpfsacl_sys_acl_get_fd,
2415 .sys_acl_blob_get_file_fn = gpfsacl_sys_acl_blob_get_file,
2416 .sys_acl_blob_get_fd_fn = gpfsacl_sys_acl_blob_get_fd,
2417 .sys_acl_set_file_fn = gpfsacl_sys_acl_set_file,
2418 .sys_acl_set_fd_fn = gpfsacl_sys_acl_set_fd,
2419 .sys_acl_delete_def_file_fn = gpfsacl_sys_acl_delete_def_file,
2420 .chmod_fn = vfs_gpfs_chmod,
2421 .fchmod_fn = vfs_gpfs_fchmod,
2422 .close_fn = vfs_gpfs_close,
2423 .setxattr_fn = gpfs_set_xattr,
2424 .getxattr_fn = gpfs_get_xattr,
2425 .stat_fn = vfs_gpfs_stat,
2426 .fstat_fn = vfs_gpfs_fstat,
2427 .lstat_fn = vfs_gpfs_lstat,
2428 .ntimes_fn = vfs_gpfs_ntimes,
2429 .is_offline_fn = vfs_gpfs_is_offline,
2430 .aio_force_fn = vfs_gpfs_aio_force,
2431 .sendfile_fn = vfs_gpfs_sendfile,
2432 .fallocate_fn = vfs_gpfs_fallocate,
2433 .open_fn = vfs_gpfs_open,
2434 .pread_fn = vfs_gpfs_pread,
2435 .pread_send_fn = vfs_gpfs_pread_send,
2436 .pread_recv_fn = vfs_gpfs_pread_recv,
2437 .pwrite_fn = vfs_gpfs_pwrite,
2438 .pwrite_send_fn = vfs_gpfs_pwrite_send,
2439 .pwrite_recv_fn = vfs_gpfs_pwrite_recv,
2440 .ftruncate_fn = vfs_gpfs_ftruncate
2441 };
2442
2443 NTSTATUS vfs_gpfs_init(void);
2444 NTSTATUS vfs_gpfs_init(void)
2445 {
2446 int ret;
2447
2448 ret = gpfswrap_init();
2449 if (ret != 0) {
2450 DEBUG(1, ("Could not initialize GPFS library wrapper\n"));
2451 }
2452
2453 return smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "gpfs",
2454 &vfs_gpfs_fns);
2455 }
Samba GIT mirror